It is fu I ly autonomous, non-GU l-based, 
self-calibrating, and compliant with the 
VX WORKS flight software system. 

T his work was done by L ukas M andrake 
Benjamin J. Bornsten, Stojan Madzunkov, 
and John A. M acaskill of Caltech for NASA's 
Jet Propulsion Laboratory. For more informa- 
tion, contact i a offi ce@jpl.nasa.gov. 

The software used in this innovation is 
available for commercial licensing. Please con- 
tact Daniel Broderick of the California Insti- 
tute of Technology at danielb@caltech.edu. 
Refer to NPO-46956. 


<H Astronaut H ealth Partici- 
pant Summary Application 

The Longitudinal Study of Astronaut 
Health (LSAH) Participant Summary 
software captures data based on a cus- 
tom information model designed to 
gather all relevant, discrete medical 
events for its study participants. This 
software provides a summarized view of 
the study participant's entire medical 
record. The manual collapsing of all the 
data in a participant's medical record 
into a summarized form eliminates re- 
dundancy, and allows for the capture of 
entire medical events. The coding tool 
could be incorporated into commercial 
electronic medical record software for 
use in areas like public health surveil- 
lance, hospital systems, clinics, and med- 
ical research programs. 

The software also enables structured 
coding that enforces a custom set of 
rules, as well as captures the context of 
thecoded term.Theterminologyused is 
SNOMED CT, which is a massive termi- 
nology consisting of over 366,000 con- 
cepts with unique meanings and formal, 
logic-based definitions that are organ- 
ized into 18 hierarchies. In addition, it 
containsmorethan 993,000 descriptions 
or synonyms for flexibility in expressing 
clinical concepts. SNOMED CT is also a 
compositional terminology, so multiple 
concepts can be grouped together to 
create an expression that has a totally 
different logical definition. By using 
some custom composition rules along 
with the context within the Participant 
Summary, a user can greatly reduce the 
number of candidate concepts, which 
not only improves productivity, it en- 
sures that only legal SNOMED expres- 
sions can be created. 

LSAH defines the line between the 
terminology and the information 
model. It takes a middle road between 
putting all the structure in a complex 
coded term and putting all the structure 
in numerous database fields. 


This work was done by Kathy Johnson- 
Throop of Johnson SpaceCenter; Ralph Krog 
of National Space Biomedical Research Insti- 
tute; Deborah Eudy and Diane Parisian of 
EASI; Seth Rodriguez and John Rogers of 
Barrios Technology; and M ary Wear, Robert 
Volpe and Gina Trevino of Wyie Laborato- 
ries. Further information is contained in a 
TSP (see page 1).M SC-24172-1 


0 Adaption of the AMDIS 
Method to Flight Status on 
theVCAM Instrument 

Software has been developed to func- 
tion onboard the International Space 
Station (ISS) to help safeguard human 
health by detecting compounds of con- 
cern in the cabin atmosphere, both in 
identity and concentration. This soft- 
ware calibrates and processes a stan- 
dard 2D dataset (mass spectrum versus 
time) output from a gas chro- 
matogram/ mass spectrometer by iden- 
tifying temporal events, including the 
possibility for near simultaneous event 
overlap, reducing the mass spectra for 
each event and comparing to an arbi- 
trary library of known compounds. The 
level of autonomy, adjustment of pa- 
rametersfor the VCAM devices' specific 
data characteristics, and adaptive mass 
resolution to ease requirement of preci- 
sion mass calibration are three unique 
features of this design. The estimation 
of concentration is also a significant ad- 
dition to the standard AMDIS (NIST) 
implementation. Solution filtration 
based on elution time, and an arbitra- 
tion algorithm for similar matches, pro- 
vide the user with a more succinct, sin- 
gle-valued estimate in comparison to 
algorithmsdesigned to merely augment 
expert hand analysis. 

T his work was done by L ukas M andrake, 
Benjamin J. Bornsten, Seungwon Lee and 
Brian D. Bue of Caltech for NASA's Jet 
Propulsion Laboratory. For more in formation, 
con tact i a offi ce@jpl .nasa.gov. 

The software used in this innovation is 
available for commercial licensing. Please con- 
tact Daniel Broderick of the California Insti- 
tute of Technology at danielb@caltech.edu. 
Refer to NP046563. 


0 Natural Language Interface 
for Safety Certification of 
Safety-Critical Software 

Model-based design and automated 
code generation are being used increas- 
ingly at NASA. The trend is to move be- 
yond simulation and prototyping to 
actual flight code, particularly in the 


guidance, navigation, and control do- 
main. H owever, there are substantial ob- 
stacles to more widespread adoption of 
code generators in such safety-critical 
domains. Since code generators are typ- 
ically not qualified, there is no guaran- 
tee that their output is correct, and con- 
sequently the generated code still needs 
to be fully tested and certified. 

The AutoCert generator plug-in sup- 
ports the certification of automatically 
generated code by formally verifying 
that the generated code is free of differ- 
ent safety violations, by constructing an 
independently verifiable certificate, and 
by explaining its analysis in a textual 
form suitable for code reviews. This en- 
ables missions to obtain assurance about 
the safety and reliability of the code 
without excessive manual effort. The key 
technical idea isto exploit the idiomatic 
nature of auto-generated code in order 
to automatically infer logical annota- 
tions that describe properties of the 
code. These allow the automatic formal 
verification of the safety properties with- 
out requiring access to the internals of 
the code generator. The approach is 
therefore independent of the particular 
generator used. The use of a combined 
generation/ analysis tool can allow sys- 
tem engineers to concentrate on the 
modeling and design, rather than worry- 
ing about low-level software details. By 
providing tracing between code and ver- 
ification artifacts, and customizable 
safety reports, the tool supports both 
certification and debugging. Although 
integrated with the code generator, Au- 
toCert is functionally independent in 
the sense that it does not rely on the cor- 
rectness of any generator components. 
The tool has two main benefits: (1) it 
helps catch bugs in autocoders, and (2) 
it helps with the certification processfor 
the autogenerated code, thus mitigating 
the risk of using COTS autocoders that 
lack a trusted heritage. 

The AutoCert technology also has a 
number of advantages over other ap- 
proaches to formal verification. It can 
handle code with arbitrary loops, and 
can handle code generated from both 
continuous and discrete models. M ore- 
over, the certification system based on 
annotation inference is more flexible 
and extensible than decentralized ar- 
chitectures where certification infor- 
mation is distributed throughout the 
code generator. Identifying the pat- 
terns that are used to infer the annota- 
tions is an iterative process, but by al- 
lowing tracing between VCs 
(verification conditions) and state- 
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